OSCP ROCKET
Enumeration
Phases of Enumeration
1. Network Enumeration
Nmap
Full TCP port scan
nmap -Pn -p- -oN alltcp_ports.txt $ip
Full TCP port scan (safe scripts + version detection)
nmap -Pn -sC -sV -p- -oN alltcp.txt $ip
Top 20 UDP port scan
nmap -Pn -sU -sV -sC --top-ports=20 -oN top_20_udp_nmap.txt $ip
Nmap NSE Scripts:
nmap --script vuln <target-ip>
All Ports Scan:
nmap -p- -oN all_ports.txt <target-ip>
nmap -sCV -A -p- 192.168.232.211 --min-rate=10000 -oA fullportscan
Basic Scan
nmap -sC -sV -oN basic_scan.txt <target-ip>
nmap -sC -sV -o nmap -A -T5 10.10.10.x
Host Discovery
nmap -sn 10.10.1.1-254 -vv -oA hosts
netdiscover -r 10.10.10.0/24
DNS server discovery
nmap -p 53 10.10.10.1-254 -vv -oA dcs
NSE Scripts Scan
nmap -sV --script=vulscan/vulscan.nse <target-ip>
Running specific NSE scripts
nmap -Pn -sC -sV --script=vuln*.nse -p$ports 10.10.10.x -T5 -A